Copyright © 2022 Moxa Inc.
Released on Jan 3, 2022
About Moxa
Moxa is a leading provider of edge connectivity, industrial computing, and network infrastructure
solutions for enabling connectivity for the Industrial Internet of Things (IIoT). With over 30 years of
industry experience, Moxa has connected more than 71 million devices worldwide and has a
distribution and service network that reaches customers in more than 80 countries. Moxa delivers
lasting business value by empowering industries with reliable networks and sincere service.
Information about Moxa’s solutions is available at www.moxa.com.
The Security Hardening Guide for the MGate 5000 Series
Moxa Technical Support Team
support@moxa.com
Contents
1 Introduction
2 General System Information
2.1 Basic Information About the Device
2.2 Deployment of the Device
3 Configuration and Hardening Information
3.1 TCP/UDP Ports and Recommended Services
3.2 HTTPS and SSL Certificates
3.2.1 Behavior of the SSL Certificate on an MGate Device
3.2.2 MGate Self-signed Certificate
3.2.3 Importing a Third-party Trusted SSL Certificate
3.3 Account Management
3.4 Accessible IP List
3.5 Logging and Auditing
3.6 DoS Defense
4 Patching/Upgrades
4.1 Patch Management Plan
4.2 Firmware Upgrades
5 Security Information and Vulnerability Feedback
Moxa Tech Note
1 Introduction
This document provides guidelines on how to configure and secure the MGate 5000
Series. The recommended steps in this document should be considered as best practices
for security in most applications. It is highly recommended that you review and test the
configurations thoroughly before implementing them in your production system in order
to ensure that your application is not negatively impacted.
2 General System Information
2.1 Basic Information About the Device
Model                     Function                                          Operating System       Version
MGate 5101 Series         PROFIBUS-to-Modbus TCP Gateway                    Linux                  v2.2
MGate 5102 Series         PROFIBUS-to-PROFINET Gateway                      Linux                  v2.3
MGate 5103 Series         Modbus RTU/ASCII/EtherNet/IP-to-PROFINET Gateway  Linux                  v2.2
MGate 5105 Series         Modbus RTU/ASCII/TCP-to-EtherNet/IP Gateway       Linux                  v4.3
MGate 5109 Series         Modbus RTU/ASCII/TCP-to-DNP3 serial/TCP Gateway   Linux                  v2.3
MGate 5111 Series         Modbus/PROFINET/EtherNet/IP-to-PROFIBUS Gateway   Linux                  v1.3
MGate 5114 Series         Modbus RTU/ASCII/TCP/IEC101-to-IEC104 Gateway     Linux                  v1.3
MGate 5118 Series         CAN-J1939-to-Modbus/PROFINET/EtherNet/IP Gateway  Linux                  v2.2
MGate W5108/W5208 Series  IEEE 802.11 a/b/g/n wireless Modbus/DNP3 Gateway  Linux                  v2.4
MGate 5217 Series         Modbus-to-BACnet/IP gateway                       Moxa Operating System  v1.2
The MGate 5000 Series is a protocol gateway specifically designed to allow industrial
devices to be directly accessed from a network. It converts the protocols of legacy
fieldbus devices so that these devices can be monitored and controlled from any
network location or even the Internet.